12 February 2004
Dynamic Sites and CGI: FormMail Exercise
Now that you’ve done a little bit with CGI, I‘m going to have you retrieve a CGI script from an archive, and install it into your account on Grace. Then you’ll develop a form to access that script.
We’ll be using a script from Matt’s Script Archive called FormMail, which is used to email form inputs to you. Go to the archive and download the script now. You should also review at the ReadMe file for FormMail.
Part 1: Configuring and Installing FormMail
You’ll be installing the formmail script into the same directory where you placed the first.cgi script from the last exercise. The permissions should already be set properly on that directory.
Save/download and open FormMail.pl so that you can edit the necessary variables.
The first line of the file needs to show the location of perl on the server. On grace, the location is /usr/local/bin/perl (you can find this by doing the “which perl” command at the unix prompt).
Default: #!/usr/bin/per
Grace: #!/usr/local/bin/perl
After that, there are only three variables in the perl file that you will need to define:
- The $mailprog variable must properly define the location to your server’s sendmail program. If this is incorrect, form results will not be mailed to you (because the program won’t know WHERE the mail program is on your system). It’s tricky to find the sendmail program on grace. You’d think it would be in something like usr/lib or even usr/bin. It’s in usr/sbin … and, if you type “which sendmail” at the prompt, you can verify this.
Default: $mailprog = ’/usr/lib/sendmail –i -t’;
Yours: $mailprog = ’/usr/sbin/sendmail –i -t’;
The next thing that must be changed is called @referers. This controls basic access to your formmail script. You wouldn’t want the entire world pointing to your server, right? Let them get their own script and install it themselves. (Think of how much a spammer would enjoy having free access to your mail scripts to blanket the world with more unwanted mail.) On mine, I changed this value to (‘rit.edu’,’lawley.net’) so that I can run the script from any of my RIT accounts or my server.
The default @referers looks like this:
@referers = (‘scriptarchive.com’,’209.196.21.3’);
Yours should look like this:
@referers = (‘rit.edu’);
Now only web pages on rit.edu folks can call this script.
The third one, @recipients, is the most important one… This one will stop spammers or hackers from using your form to pollute the world with unwanted e-mail! We can set this one to hold either domain names or specific e-mail addresses that the form can send mail to. (For an exhaustive description, see the Read Me).
It’s important to realize that you need to add the domain of each e-mail address you want to send to (sub-domains need to be listed separately!)
Default: @recipients = &fill_recipients(@referers);
Yours: @recipients = &fill_recipients(‘rit.edu’,’it.rit.edu’);
Now you can have the form send E-Mail to either your RIT address or your FirstClass address! While you could add something like ‘hotmail.com’, that makes the script less secure. The most secure approach would be to use specific addresses rather than domains.
Finally, because it’s a cgi script, you’ll need to change the name of the script from formmail.pl to formmail.cgi to get it to work. You can rename the file in any number of ways including using the mv command in UNIX or renaming the file before you install it. (Remember – since it is a script it MUST have execute permissions!)
Test the script by loading it directly in a browser; http://www.rit.edu/~yourid/pathtoyourcgidir/formmail.cgi. You should see a box with the name of the program and a copyright statement; if you get an error, be sure to check (a) permissions on the directory and the script (should be 755), (b) line breaks on the perl file, © correct perl address in the first line, etc.
Part 2: Creating a Form to Use FormMail
Now you need to create a form to call the script. The form should be somewhere in your www directory tree (but not in the cgi directory, ideally). Set the method=”POST” and action=”http://www.rit.edu/~yourid/pathtoyourcgidir/formmail.cgi”
One field on your form should be named “recipient” and should have a value of an email address with a domain that is included in the referrers array of the script (e.g @rit.edu or @it.rit.edu)
Use the documentation (the Read Me file on the FormMail page) to determine what other reserved field names are used by the script, and see if you can use them appropriately and successfully in your mail form.
Make sure you upload the HTML page with the form to Grace before you test it; otherwise the script will reject it because it’s not on an approved “referrer” site.
Open your form in a browser, fill it out, and submit it. Check your email. Did you get the information? If not, go back through these steps and keep trying until you get it installed correctly. (Sometimes there’s a delay in receiving the mail.)